CVSS2: 5 Medium
Attack Vector: NETWORK
Attack Complexity: LOW
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: PARTIAL
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

CVSS3: 7.5 High
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: HIGH
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS: 0.009 Low
Percentile: 82.6%
This update for konversation fixes the following issues:

Security issue fixed:
- CVE-2017-15923: Fixed a crash in parsing IRC color formatting codes (boo#1068097).

Bug fixes:
- Update to version 1.7.4:
  - Fixed a bug causing the size of a custom chat text view font set via the configuration dialog to be ignored. A font size modification done via the Enlarge/Decrease Font Size actions is now applied on top of the configured size (or the system default font size, respectively).
- Update to 1.7.3:
  - Added a copy action to the context menu of nicknames in the chat text view.
  - Re-enabled channel mode buttons.
  - Reduced emission of Unicode directional control characters in the chat text view. Unnecessary control characters could sometimes cause problems with copying text from Konversation and pasting it into terminal applications, confusing them.
  - Fixed handling of nick and channel prefix characters potentially using the same set of symbols.
  - Removed redundant escaping of angle brackets in GECOS (‘realname’) field.
  - The nickname combobox will no longer change the nickname to the current value whenever it loses focus.
  - Fixed color scheme handling in the treelist version on the tab bar, fixing an issue where the background and text color of the selected item would sometimes be the same, rendering the item unreadable.
  - Fixed handling of IRC URLs for channels starting with more than one #, addressing a percent-encoding problem with bookmarks of them.
  - Fixed custom chat text view font family reverting to system default font family upon using the increase/decrease font size actions.
  - Fixed chat text view font size adjusted via the increase/decrease font size actions reverting to configuration default when OK’ing the config dialog.
  - Fixed incorrect checkbox states in the Channel Invite dialog.
  - Fixed a crash in IRC v3 extended-join parsing.
  - Fixed a crash in parsing IRC color formatting codes.
  - Fixed a minor memory leak in the Join Channel dialog code.
  - Removed unnecessary nickname list debug message sent as warning.
- Trim description from redundant phrasing, and ensure neutrality.

#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from openSUSE Security Update openSUSE-2017-1306.
#
# The text description of this plugin is (C) SUSE LLC.
#
include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(104769);
  script_version("3.5");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/19");

  script_cve_id("CVE-2017-15923");

  script_name(english:"openSUSE Security Update : konversation (openSUSE-2017-1306)");
  script_summary(english:"Check for the openSUSE-2017-1306 patch");

  script_set_attribute(
    attribute:"synopsis",
    value:"The remote openSUSE host is missing a security update."
  );
  script_set_attribute(
    attribute:"description",
    value:
"This update for konversation fixes the following issues :
Security issue fixed :
- CVE-2017-15923: Fixed a crash in parsing IRC color
formatting codes (boo#1068097).
Bug fixes :
- Update to version 1.7.4 :
- Fixed a bug causing the size of a custom chat text view
font set via the configuration dialog to be ignored. A
font size modification done via the Enlarge/Decrease
Font Size actions is now applied on top of the
configured size (or the system default font size,
respectively).
- Update to 1.7.3 :
- Added a copy action to the context menu of nicknames in
the chat text view.
- Re-enabled channel mode buttons.
- Reduced emission of Unicode directional control
characters in the chat text view. Unnecessary control
characters could sometimes cause problems with copying
text from Konversation and pasting it into terminal
applications, confusing them.
- Fixed handling of nick and channel prefix characters
potentially using the same set of symbols.
- Removed redundant escaping of angle brackets in GECOS
('realname') field.
- The nickname combobox will no longer change the nickname
to the current value whenvever it loses focus.
- Fixed color scheme handling in the treelist version on
the tab bar, fixing an issue where the background and
text color of the selected item would sometimes be the
same, rendering the item unreadable.
- Fixed handling of IRC URLs for channels starting with
more than one #, addressing a percent-encoding problem
with bookmarks of them.
- Fixed custom chat text view font family reverting to
system default font family upon using the
increase/decrease font size actions.
- Fixed chat text view font size adjusted via the
increase/decrease font size actions reverting to
configuration default when OK'ing the config dialog.
- Fixed incorrect checkbox states in the Channel Invite
dialog.
- Fixed a crash in IRC v3 extended-join parsing.
- Fixed a crash in parsing IRC color formatting codes.
- Fixed a minor memory leak in the Join Channel dialog
code.
- Removed unnecessary nickname list debug message sent as
warning.
- Trim description from redundant phrasing, and ensure
neutrality."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1068097"
  );
  script_set_attribute(
    attribute:"solution",
    value:"Update the affected konversation packages."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:konversation");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:konversation-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:konversation-debugsource");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:konversation-lang");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:42.3");

  script_set_attribute(attribute:"patch_publication_date", value:"2017/11/25");
  script_set_attribute(attribute:"plugin_publication_date", value:"2017/11/27");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2017-2021 Tenable Network Security, Inc.");
  script_family(english:"SuSE Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

# This is a local check: it needs the data collected over an authenticated scan.
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);

# Only openSUSE 42.3 is in scope; SLED/SLES hosts are audited out.
release = get_kb_item("Host/SuSE/release");
if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE");
if (release !~ "^(SUSE42\.3)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "42.3", release);

if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

ourarch = get_kb_item("Host/cpu");
if (!ourarch) audit(AUDIT_UNKNOWN_ARCH);
if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch);

# Compare each package from the collected RPM list against the fixed build 1.7.4-3.1.
flag = 0;

if ( rpm_check(release:"SUSE42.3", reference:"konversation-1.7.4-3.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"konversation-debuginfo-1.7.4-3.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"konversation-debugsource-1.7.4-3.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"konversation-lang-1.7.4-3.1") ) flag++;

if (flag)
{
  # At least one package check flagged the host: report it.
  if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
  else security_warning(0);
  exit(0);
}
else
{
  # Nothing flagged: distinguish "installed but not affected" from "not installed".
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "konversation / konversation-debuginfo / konversation-debugsource / etc");
}

Vendor | Product | Version | CPE |
---|---|---|---|
novell | opensuse | konversation | p-cpe:/a:novell:opensuse:konversation |
novell | opensuse | konversation-debuginfo | p-cpe:/a:novell:opensuse:konversation-debuginfo |
novell | opensuse | konversation-debugsource | p-cpe:/a:novell:opensuse:konversation-debugsource |
novell | opensuse | konversation-lang | p-cpe:/a:novell:opensuse:konversation-lang |
novell | opensuse | 42.3 | cpe:/o:novell:opensuse:42.3 |